Connecting XrmToolBox to an MFA enabled Dynamics 365 environment | Azure AD

It has always been recommended to enable MFA on environments we work on. For developers, it is especially critical that MFA is enabled that developers are also someone who need to connect the https://www.xrmtoolbox.com/ more than ever!

Here’s one of the common challenges in being able to connect to an MFA enabled Dynamics 365 instance using XrmToolBox.

Register the Dynamics 365 environment as an App in Azure

Microsoft has provided a recommended way to register an App with Azure Active Directory and also the same has been mentioned in the XrmToolBox Connection utility. Below is a summary from the original Microsoft Documentation on the same – https://docs.microsoft.com/en-US/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory?WT.mc_id=DX-MVP-5003911

  1. Go to https://portal.azure.com/ and look for Azure Active Directory.


  2. Once you save it, you’ll get the Application (client) ID which which will be needed by the XrmToolBox while connecting.

  3. Go to the Manifest file and make “allowPublicClient” to true and Save it.

  4. Now, navigate to API Permissions from the left side menu.

  5. Now, search for the permission “Common Data Service” under the tab APIs for my organization uses.

  6. Make sure Delegated Permissions are selected and tick mark user_impersonation and click on Add permissions.


  7. Select the same and your permissions should look like below. Once this is the state, you are done on Azure side.


    Now, let’s connect XrmToolBox to the Dynamics 365 environment.

Connecting to Dynamics 365 using the XrmToolBox

Let’s see what steps you need to follow in order to connect to the Dynamics 365 instance

  1. Open XrmToolBox and create a New Connection.

  2. Now, since you are aware that the environment is MFA enabled, select MFA/OAuth method.


  3. Enter the URL of the Organization and click Next as shown below.


  4. Now, enter the Application ID which you can copy from the registered App in Azure.

  5. If you click on the “Use development Azure AD App”, the Reply Url will be populated automatically. Before that, you’ll see the message notifying which scenarios this is suitable.

  6. Read below. At this point, I haven’t tried the other method and stuck to the below since I connect XrmToolBox to the Dynamics 365 environment for development purpose.


  7. Once you click OK on the above, the Reply Url will be auto-populated and you can proceed further.

  8. Now, enter the username which you want to connect with. Supposedly, this is the one on which MFA is enabled.

  9. Upon clicking Next, you will be asked the Password of the credentials you are using.

  10. Once you’ve entered the same, it will send a request to your Authenticator on the registered device.


  11. One the device, assuming you have the Authenticator App installed already, you can Approve the same to let the Authentication go through.

  12. Upon Approval, the XrmToolBox will be authenticated and it will be connected to the Dynamics 365 environment. As usual, you can then give it a name and click Finish to save it on your XrmToolBox.





Hope this was helpful!!

Here are some more Azure / Dynamics 365 / XrmToolBox related posts you might want to check out –

  1. Find deprecated JS code used in your Dynamics 365 environment | Dynamics 365 v9 JS Validator tool | XrmToolBox
  2. Set Lookups in Xrm.WebApi D365 v9 correctly. Solving ‘Undeclared Property’ error
  3. Understanding Xrm.Page Object ModelForm Access Checker in new Power Apps Form Designer | Model-Driven Apps in Dynamics 365
  4. Use Rich-Text Control for Multiple Lines of Text in Dynamics 365 CE | Quick Tip
  5. Ribbon button visibility based on a field value in Dynamics 365 | Ribbon Workbench
  6. Pass Execution Context to JS Script function as a parameter from a Ribbon button in Dynamics 365 | Ribbon Workbench
  7. Log Canvas Power App telemetry data in Azure Application Insights | Power Apps
  8. Call Azure Function from Dynamics 365 CRM using Webhooks
  9. Use Azure App Passwords for MFA enabled D365 authentication from Console App
  10. Find Created On date of solution components in Solution Layers | Dynamics 365 [Quick Tip]

Thank you!!

Log Canvas Power App telemetry data in Azure Application Insights | Power Apps

Here’s how you can register your Canvas Power App in your Azure’s Application Insights and log telemetry data into Azure.

Some basic info about what all you can see in Application Insights is –

  1. Count of Users who used the app
  2. Events logged, Sessions logged
  3. Device info
  4. Region info

It’s quite simple to set it up! Let’s take a look –

Registering in Application Insights in Azure

First, make sure you do have an Azure Subscription. Let’s look at how you can register an Application Insight record.

  1. Look for Application Insights in Azure in the search bar

  2. Then, among other records, you can register a new one which will identify with your Canvas Power App

  3. Review all that you entered and move ahead

  4. It’ll be deployed pretty quickly within a few minutes unlike some heavy Azure resources

  5. Upon completion, you can navigate to the resource and see the details

    Zoomed In


Add Instrumentation Key to Canvas Power App

Next step is to add the Instrumentation Key to the Canvas Power App

  1. Look for the App itself in the Navigation tree

  2. Once you select that, you can then look at it’s Properties on the right hand side. In Instrumentation Key, paste the Instrumentation Key you copied when you created the App in the Azure.

  3. And to go with that, let’s say my Canvas Power App has some basic structure like below

Using Application Insights

As the users use the Canvas App, the following information is logged –

  1. Navigate to the Usage section in the Application Insights you registered and if you scroll down on the main pane, you can see w

  2. And then scroll down to reveal more Insight data


  3. Or, if you see Events, you can see info like this –

    I’m not completely sure why my users showed high when I tried with only 2 users. But perhaps, once I dive more deeper into using Application Insights and how each of the metrics are read, I’ll come back to update this post. 😊

And likewise, if you know how to read the Application Insights, you can customize this to give you what you need to see.

Here is some Microsoft Documentation on Application Insights to help you out –

  1. https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-segmentation

Hope this was useful. Here are more Azure/Canvas Power App related posts you might want to check –

  1. Call Azure Function from Dynamics 365 CRM using Webhooks
  2. Use Azure App Passwords for MFA enabled D365 authentication from Console App
  3. Call HTTP Request from a Canvas Power App using Flow and get back Response | Power Automate
  4. Launch URL on a Data Table Text column selection in a Canvas PowerApp | SharePoint Lists
  5. Call HTTP Request from a Canvas Power App using Flow and get back Response | Power Automate
  6. Send a Power App Push Notification using Flow to open a record in Canvas App | Power Automate
  7. Aggregate functions in a Canvas Power App | Using on SharePoint Lists
  8. Count of total CDS records returned in a Canvas Power App connection [Quick Tip]
  9. Dependent OptionSets in a Canvas Power App for 1:N related CDS entities | Power Platform
  10. Implement character length validation in a Canvas Power App | Power Platform

Thank you!

Call Azure Function from Dynamics 365 CRM using Webhooks

This is a vast topic to cover in a blog. But I wanted to write from a bird-eye’s view of how this will pan out in an implementation where you perform a certain operation in Dynamics 365 CRM and an Azure Function is called to perform further operations.

This post is written keeping in mind fair knowledge of Azure Functions, Storage accounts and subscriptions in mind.

I’ll try to keep the article short, so stay with me! 🙂

Create a Function App in Azure

  1. Let’s say you have created a Function App in Azure already and want to connect to Dynamics 365 CRM. Click on the big + New Function button in the screenshot below
    resourceOverview_LI
  2. Now, since I want to keep Visual Studio as my driver for coding and deployment, I’ll create a new Project in Visual Studio of type Azure Functions and click Next
    newProj
  3. On the next page, I’ll give a relevant name and hit Create.
    createProjectButton
  4. Since we will be using Webhooks to connect to the Azure Function, the trigger chosen here is Http Trigger.Make sure you select Framework because Microsoft.Xrm.Sdk assemblies don’t work on .NET Code, but on .NETFramework only.And then you should take care of what your Storage Account and Authorization should be – Finally click Create once done.
    frameWorkSelected
  5. The Project will open with 1 .cs file, so make sure you name your plugin initially –
    accountPluginGetsInApp
  6. It’ll take a while to create the Project. Once created, go to the Portal on Azure and click on the Get Publish Profile
    getPublishProf_LI
    It will be downloaded on the computer. Keep it so that you can import it on the Project in Visual Studio to use for Direct Publish.
    downloadedProfile
  7. Now, right click and chose Publish to make your first push as is so that the Account Function gets pushed to Azure App.
    firstPublish
  8. Then, click on Import and import the Publish Profile settings downloaded in step #5 above –
    selectImport
  9. Once imported, you’ll be taken here – simply Publish once.
    quickPublish
  10. Once Publish is successful, check in the Azure App in Portal, the Function should appear.
    accountPluginGetsInApp

 

Modifying code to read Webhook Call from Dynamics 365

  1. To keep it simple, I’m simply reading the context and then, you can flourish your App further to make it work as required.
    captureContextSo, I’m only reading the request into a String and logging it so that we can see it in the logs in the Azure Function app.
  2. You can use RemoteExecutionContext class to actually get all the contextual information into the Function app and then use it further. See below –
    remotecontext
  3. Once ready with your code, Publish it.

Now, let’s Register the Webhook and call the app.

If you’re also looking for remote debugging, this is a great article-Remote Debugging Azure Functions V2 “The breakpoint will not currently be hit. No symbols have been loaded for this document”

Register a Webhook in Plugin Registration Tool

Coming to Dynamics 365 CRM side of things, you can register a Webhook that will trigger on Account Name update to fire off the AccountPlugin Function App created above –

  1. In Plugin Registration Tool, register a new Webhook
    registerWebHook
  2. Enter Webhook Details. Select Authentication type as WebhookKey
    enterWebhookDetails
  3. Now, to get the key, go to the Function App in portal, and look </> Get function URL link.
    getKeyandURL
  4. Copy the same and paste in Notepad, separate the code part from the main URL
    selectCopy
    separateCodePart
  5. Paste the URL part in Endpoint URL and key in the Value field. Click Save.
    registerWebHookWIthDetails
  6. Now, add a Step to the Webhook. For this example, I’ve chosen update of Account‘s Account Name field
    addStepregisterStepInWebhook
    And Register it.

Execution

  1. The purpose was to simply ready Dynamics 365 Account record upon modification of the Account Name
    recordChange
    And save the record.
  2. In a minute or so, the Log will be generated (only the logs take a little longer to generate)
    triggered
    And thus, we are able to send data / or rather, call Azure Function and process Dynamics 365 CRM data using Webhooks.

Some other Azure related post you might like to look at – Use Azure App Passwords for MFA enabled D365 authentication from Console App

Hope this was helpful! Tried my best to keep it basic and short as possible. I’m sure you all will explore way beyond and develop awesome implementations!

Use Azure App Passwords for MFA enabled D365 authentication from Console App

If you have a Console App that authenticates to D365 using a credential (typically, an Administrator) but now the administrator is setup for Multi-Factor authentication, your Console App won’t work. So here’s what you can do.

If you first want to check out about enabling Multi-Factor Authentication, you can check my blog post on it here – Office 365 Admin: Quickly Enable Multi-factor authentication for users

Standard Authentication vs MFA enabled User

When there’s not MFA enabled for Dynamics 365 (Office 365) account credentials, you are able to connect to the organization with no issues and get the CRMServiceClient in your application easy.
authenticated

But, if you have Multi-Factor Authentication enabled for a credential that is used in Console Apps to connect to D365, the Console App will not connect and the CrmCerviceClient will have null as below with the error ‘Unable to Login to Dynamics CRM

unabletologin

Managing App Passwords on Azure Portal

Once you have multi-factor authentication enabled for your account, you can go to portal.azure.com and manage App Passwords as follows –

  1. In Azure Portal, go to your account settings.
    gotoaccount
  2. Then, go to Additional security verification
    additionalsecurityverification
  3. Look for App Passwords
    apppasswords
  4. You can manage and create more passwords here
    manageapppasswords
  5. Create a password if you don’t want to use a default one or want to use different passwords for different apps. Give it a suitable name and click Next
    createapppassword
  6. Copy the password as it is the only time it will be displayed.
    copypassowrd
  7. And you can see your passwords as you create them
    morepasswords

 

Implementing App Passwords in Console App

As the name suggests, App Passwords will let you create special passwords for applications to authenticate to Dynamics 365 without needing to go through multi-factor authentication like when you’re running a Console App to connect to Dynamics 365

  1. Go to the Password in the credentials in the App.Config of the Console Application
    oldpassword
  2. And replace it with the App Password
    newpassword
  3. Now, Build the application and run it. It will authenticate successfully.
    authenticated

Hope this helps! 🙂